In recent years, electronic transaction devices such as point of sale (POS) devices, ATMs, personal digital assistants (PDAs), personal computers (PCs), and bank system networks have found much use in commerce. Transactions involving such devices are carried out every day over media including the Internet, as well as through POS or bank system networks. Such transactions typically request from the customer-user private information such as a personal identification number (PIN), signature, password, or some other form of private identification. A merchant involved in the transaction uses such private information to verify authenticity of the user's identity, and to authorize the transaction.
Understandably, it is important that such private information be protected from access by unauthorized parties. Should such private information fall into the wrong hands, the user may be at risk for identity theft and for fraudulent transactions, perhaps involving the user's credit card information. The unauthorized party may utilize the user's private information to fraudulently perform transactions ostensibly on behalf of the unsuspecting user. Prior art systems are designed to try to maintain integrity of user private information when such information is transmitted or promulgated from the transaction device to a remote device. However, it is also important to adequately secure user private information within the transaction device itself. While various techniques have been developed to encrypt user private information within a transaction device, further protection for such data is needed.
What is needed is a method and mechanism by which private user information input to a transaction device can be better protected within the device. Preferably such protection should be greater than what is presently available using conventional encryption techniques.
The present invention provides such a method and mechanism to enhance security of user private information within a transaction device.